Office Communications Server 2007 R2 requires a public key infrastructure (PKI) to support Transport Layer Security (TLS) and mutual TLS (MTLS) connections. By default, Office Communications Server 2007 R2 is configured to use TLS for client-to-server connections. MTLS is used for connections between servers.

MTLS certificates must be issued by trusted certification authorities (CAs) for both Communicator Web Access and Office Communications Server, but the issuing CA can be different for Communicator Web Access and Office Communications Server.

Certificates that are issued from the following types of CAs are supported for both Office Communications Server and Communicator Web Access:

For a list of public CAs that have partnered with Microsoft to ensure that their certificates comply with specific requirements for Office Communications Server, see Knowledge Base article 929395, “Unified Communications Certificate Partners for Exchange 2007 and for Communications Server 2007,” at https://go.microsoft.com/fwlink/?LinkId=125763.

Office Communications Server 2007 R2 supports RSA certificates with key lengths of up to 4,096 bits.

Certificates for servers running Office Communications Server must be configured with an enhanced key usage (EKU) extension for server authentication.

A Web server certificate is required for the MSN network of Internet services and for Yahoo!. For AOL, the certificate must also be configured for client authentication. For federation and public IM connectivity, a certificate that is issued by a public CA is required. Public IM connectivity requires an additional license.
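
The requirements above (a server authentication EKU, client authentication as well for AOL, RSA keys of up to 4,096 bits, and a trusted issuing CA) can be checked against installed certificates. The following PowerShell is an added example, not Microsoft's code; `Test-OcsCertificate` and its parameters are hypothetical names, and it assumes the certificates are in the local computer's Personal store.

```powershell
# Added example; function and variable names are hypothetical.
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'     # EKU: Server Authentication
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'     # EKU: Client Authentication
$RsaOid        = '1.2.840.113549.1.1.1'  # RSA public key algorithm
$MaxRsaBits    = 4096                    # upper limit stated on this page

function Test-OcsCertificate {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [switch]$RequireClientAuth       # the AOL case: client authentication too
    )
    $problems = @()

    # Gather the OIDs listed in the enhanced key usage extension, if present.
    $ekuOids = @()
    foreach ($ext in $Certificate.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $ext.EnhancedKeyUsages) { $ekuOids += $oid.Value }
        }
    }
    if ($ekuOids -notcontains $ServerAuthOid) { $problems += 'EKU lacks server authentication' }
    if ($RequireClientAuth -and ($ekuOids -notcontains $ClientAuthOid)) {
        $problems += 'EKU lacks client authentication'
    }

    # Key type and size.
    if ($Certificate.PublicKey.Oid.Value -ne $RsaOid) {
        $problems += 'public key is not RSA'
    } elseif ($Certificate.PublicKey.Key.KeySize -gt $MaxRsaBits) {
        $problems += "RSA key is larger than $MaxRsaBits bits"
    }

    # Chain to a trusted root in the local stores; revocation lookups are
    # skipped so the check runs offline.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    if (-not $chain.Build($Certificate)) {
        $problems += 'chain not trusted: ' + (($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', ')
    }

    New-Object PSObject -Property @{
        Subject    = $Certificate.Subject
        Thumbprint = $Certificate.Thumbprint
        Compliant  = ($problems.Count -eq 0)
        Problems   = $problems
    }
}

# Audit every certificate in the local computer's Personal store.
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object { Test-OcsCertificate -Certificate $_ }
```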